Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2022-09-13 CVE-2022-37703 Path Traversal vulnerability in Amanda 3.5.1
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary.
local
low complexity
amanda CWE-22
3.3
3.3
2022-09-13 CVE-2022-32190 Path Traversal vulnerability in Golang GO 1.19.0
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path.
network
low complexity
golang CWE-22
7.5
7.5
2022-09-11 CVE-2022-26049 Path Traversal vulnerability in Diffplug Goomph
This affects the package com.diffplug.gradle:goomph before 3.37.2.
network
low complexity
diffplug CWE-22
8.8
8.8
2022-09-09 CVE-2022-38638 Path Traversal vulnerability in Casbin Casdoor 1.97.3
Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource.
network
low complexity
casbin CWE-22
critical
 9.1
9.1
2022-09-09 CVE-2022-38614 Path Traversal vulnerability in Bpcbt Smartvista Cardgen 3.28.0
An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter.
network
low complexity
bpcbt CWE-22
7.5
7.5
2022-09-09 CVE-2022-28741 Path Traversal vulnerability in Aenrich A+Hrd
aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x
network
high complexity
aenrich CWE-22
8.1
8.1
2022-09-09 CVE-2022-38613 Path Traversal vulnerability in Bpcbt Smartvista Cardgen 3.28.0
A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.
network
low complexity
bpcbt CWE-22
6.5
6.5
2022-09-09 CVE-2022-36850 Path Traversal vulnerability in Google Android 12.0
Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid.
local
high complexity
google CWE-22
4.7
4.7
2022-09-09 CVE-2022-37299 Path Traversal vulnerability in Shirne CMS Project Shirne CMS 1.2.0
An issue was discovered in Shirne CMS 1.2.0.
network
low complexity
shirne-cms-project CWE-22
6.5
6.5
2022-09-08 CVE-2022-38258 Path Traversal vulnerability in Dlink Dir-819 Firmware 1.06
A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request.
network
low complexity
dlink CWE-22
8.1
8.1